D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: voldemar on November 18, 2011, 12:11:19 PM
-
Hi,
I hope I've read all the topics but with no luck.
What I've done:
ARP mode:publish interface:wan1 ip_address:wan1-ip2 mac:00-00-00-00-00-00
Route: interface:core network:wan1-ip2/32 nogw, nolocalip metric:0
IP Rules:
SAT: src-if:wan1 src-net: all-nets dst-if: core dst-net:wan1-ip2 service:all_tcp new_ip: ip@lan_net
NAT: src-if: wan1 src-net: all-nets dst-if: core dst-net:wan1-ip2 service:all_tcp
NAT sender address: here I'm unsure of what exactly should be there, but lan_ip e.g. the dflt gateway
for lan_net seems to be logical
From Status logging I see that the packet gets translated - both src and dst - and I also see the ack packet returning from the ip@lan_net, and there it ends; it doesn't seem to be translated back to be able to return to the
internet with the net1-ip2 src address.
Any help is appreciated.
Is it even possible to do what I'm trying to do?
--
regards,
voldemar
-
First, change
Route: interface:core network:wan1-ip2/32 nogw, nolocalip metric:0
The address should be just an IP, not a network (even /32).
Next, on the SAT rule, you don't need to specify anything except the new destination IP.
If the DFL shows you the packet transmitted to the local IP, check your internal system - maybe it rejected the packets with something like a firewall.
-
Thx for the comment.
Checked the conf; it appears that I automatically added /32 while typing the text.
In real conf it was just an IP.
Didn't quite understand the SAT rule comment. Anything on any tab?
DFL was showing the packet going and ack packet coming, but that packet
either didn't go back out or had wrong src or dst IP.
-
From where are you trying? From inside or outside?
-
Issue solved. ISP had some "leftover" ACL defined on outgoing traffic,
therefore packets got in, but didn't get out. And some routing issues
are still being solved, since only half of the subnet got "fixed".
And I was scratching my head off :(
Thank you for the support.